MyBB Community Forums

Full Version: Security issue after upgrade to 1.6.5
I have just upgraded to 1.6.5, clicked Check Templates, and it reported the following:

The following errors were encountered:

The templates below matched known security issues. Please review them.

Quote: The Master Templates have been altered. Please contact the MyBB Group for support on how to alter these.
header_welcomeblock_member_admin
member_profile_adminoptions

I'm still a relative newbie so would appreciate any help.

Thanks

Edit those two templates and replace {$config['admin_dir']} with {$admin_dir}
Edit: had not seen Malcolm's precise response


Can you post their content in php tags? You can simply try reverting them to original.
header_welcomeblock_member_admin
&mdash; <a href="{$mybb->settings['bburl']}/{$admin_dir}/index.php">{$lang->welcome_admin}</a>
<a href="stats.php">{$lang->forumstats}</a>

member_profile_adminoptions
<br /><table border="0" cellspacing="{$theme['borderwidth']}" cellpadding="{$theme['tablespace']}" width="100%" class="tborder">
<tr>
<td colspan="2" class="thead"><strong>{$lang->admin_options}</strong></td>
</tr>
<tr>
<td class="trow1">
<ul>
<li><a href="{$mybb->settings['bburl']}/{$config['admin_dir']}/index.php?module=user-users&amp;action=edit&amp;uid={$uid}">{$lang->admin_edit_in_acp}</a></li>
<li><a href="{$mybb->settings['bburl']}/{$config['admin_dir']}/index.php?module=user-banning&amp;uid={$uid}">{$lang->admin_ban_in_acp}</a></li>
</ul>
</td>
</tr>
</table>
(2011-12-16, 04:27 PM) Nathan Malcolm Wrote: Edit those two templates and replace {$config['admin_dir']} with {$admin_dir}

Please follow Malcolm's suggestion. And I'm not sure of the reason for you having <a href="stats.php">{$lang->forumstats}</a>
in the header_welcomeblock_member_admin template. Maybe it is found by the system as a security issue!
I don't have this {$config['admin_dir']} in header_welcomeblock_member_admin

I have changed both {$config['admin_dir']} in member_profile_adminoptions with {$admin_dir}

But no change!
You can't edit the master templates from the admin cp, but you can safely ignore those errors.
So should I put them back to as was?

I do have access to my cPanel if that helps.

Quote: but you can safely ignore those errors.
I hope you're right, I don't like errors. Confused
(2011-12-16, 04:56 PM) sarisisop Wrote: I don't have this {$config['admin_dir']} in header_welcomeblock_member_admin

I have changed both {$config['admin_dir']} in member_profile_adminoptions with {$admin_dir}

But no change!
They might not be in the default theme but in other themes which you might be using.
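
A check along the lines of this thread, as an added example that is not part of the original posts and not MyBB's own code: it scans template bodies from every template set for `{$config[...]}` references, applies the `{$admin_dir}` replacement suggested above, and lists any other `$config` reference for manual review. The record layout, set names, function names and the `['other']['key']` reference are assumptions, and the sample templates are constructed.

```python
import re

# Matches {$config['key']} and nested forms such as {$config['a']['b']}.
CONFIG_REF = re.compile(r"\{\$config((?:\[[^\]\{\}]*\])+)\}")
ADMIN_DIR_KEY = re.compile(r"""^\[\s*['"]?admin_dir['"]?\s*\]$""")


def fix_template(body):
    """Return (new_body, rewritten_count, leftover_refs) for one template body."""
    leftovers = []
    count = 0

    def swap(match):
        nonlocal count
        if ADMIN_DIR_KEY.match(match.group(1)):
            count += 1
            return "{$admin_dir}"          # replacement given in the thread
        leftovers.append(match.group(0))   # not covered by the thread: review by hand
        return match.group(0)

    return CONFIG_REF.sub(swap, body), count, leftovers


def scan(templates):
    """templates: iterable of (set_name, title, body). Report only affected copies."""
    report = []
    for set_name, title, body in templates:
        new_body, count, leftovers = fix_template(body)
        if count or leftovers:
            report.append({"set": set_name, "title": title, "rewritten": count,
                           "review": leftovers, "body": new_body})
    return report


# Constructed sample: copies of templates in two sets, only some still affected.
SAMPLE = [
    ("Default Templates", "header_welcomeblock_member_admin",
     "<a href=\"{$mybb->settings['bburl']}/{$admin_dir}/index.php\">{$lang->welcome_admin}</a>"),
    ("Custom Theme", "member_profile_adminoptions",
     "<a href=\"{$mybb->settings['bburl']}/{$config['admin_dir']}/index.php?module=user-users\">e</a>"
     "<a href=\"{$mybb->settings['bburl']}/{$config['admin_dir']}/index.php?module=user-banning\">b</a>"),
    ("Custom Theme", "footer", "{$config['other']['key']}"),  # hypothetical reference
]

if __name__ == "__main__":
    for row in scan(SAMPLE):
        print(row["set"], row["title"], "rewritten:", row["rewritten"], "review:", row["review"])
```
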
